fry2010 Posted May 2, 2009 Share Posted May 2, 2009 I am trying to implement logging in for users that have cookies disabled. I have been appending ?'.htmlspecialchars(SID).' to the end of every signle link that users will need. I have a couple of questions/issues with this. First is, is it possbile to not have this display in the URL if its just a regular browser ie they have not logged in. At the moment even if a user with cookies disabled does not log in, it appends the PHPSESSION ID to the URL, but I would like to avoid this for only when a user is actually logged in. The second thing is how do I actually use the SID for obtaining their username when they are logged in? Also is this actually the correct way to go about it? I have read loads of other articles on it but they either say you shouldnt use it, or say its the only way to go. So im a little confused about the whole thing. Link to comment https://forums.phpfreaks.com/topic/156514-cookies-disabled-appending-sid/ Share on other sites More sharing options...
Yeodan Posted May 2, 2009 Share Posted May 2, 2009 I think you're better of using sessions, as far as I know sessions don't use cookies, but they probably do. for the invisible part add an invisible text box on your forms and send it with POST for the username you need a database where the ID + username is stored ID should be unique so you just search for the ID and you can fetch the name from that record hope my rookie advice helps you Link to comment https://forums.phpfreaks.com/topic/156514-cookies-disabled-appending-sid/#findComment-824148 Share on other sites More sharing options...
fry2010 Posted May 2, 2009 Author Share Posted May 2, 2009 Yeah that is the way I fort about doing it, was applying the id inside the database and then querying it on each page, but I also wanted to avoid that. I didnt want to constantly be opening database connections on each page load. Yeah the session is stored, so ignore my second comment I just realised Im already obtaining the username, DOH. But if you notice on this website, if you disable cookies, the SID is always appended to the URL even if you dont log in. So I would assume that they do not store the ID in a database. I guess its either that way, or putting it in the database. Thanks for your help. Link to comment https://forums.phpfreaks.com/topic/156514-cookies-disabled-appending-sid/#findComment-824150 Share on other sites More sharing options...
Mchl Posted May 2, 2009 Share Posted May 2, 2009 Read the manual entry on sessions. When cookies are disabled in browser, PHP appends session id to url automatically. Link to comment https://forums.phpfreaks.com/topic/156514-cookies-disabled-appending-sid/#findComment-824170 Share on other sites More sharing options...
fry2010 Posted May 2, 2009 Author Share Posted May 2, 2009 yeah this is what im doing with appending it to the URL. I just wondered if you can remove it if people dont log in, because it appends to the URL for anyone. Link to comment https://forums.phpfreaks.com/topic/156514-cookies-disabled-appending-sid/#findComment-824177 Share on other sites More sharing options...
cringe Posted May 2, 2009 Share Posted May 2, 2009 If you don't want the session ID in the URL, then set session.use_only_cookies = 1 . ini_set( 'session.use_only_cookies', 1) And if you want to tack the session id onto links and in forms as a hidden input field and even images (any query string key/value pairs), use output_add_rewrite_var . Link to comment https://forums.phpfreaks.com/topic/156514-cookies-disabled-appending-sid/#findComment-824215 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.